php sessions


#1

Hi, I am new to PHP programming … how can I make sure only one user is active per session? I do not know how to do this … any help…


#2

Have an active field in the database and check if the user is active before setting a session.


#3

You can try the code below, but you have to rewrite some steps.

./includes/functions.php

For some reason they don’t exist on that same page, as my check_login function is also on the functions.php page. But when I do the check it fails:

[php]
function login_check($mysqli) {
    //Check if session variables are met
    if (isset($_SESSION['user_id'], $_SESSION['email'], $_SESSION['login_string'])) {
[/php]

I have another page called process_login.php which is in

./php/process_login.php

[php]
<?php
include "../includes/db_connect.php";
include "../includes/functions.php";
include "../includes/required.php";

if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = hash('sha512', $_POST['p']); //Hashed password
    if (login($email, $password, $mysqli) == true) {
        //Login success
        echo "Logged in!";
        //header("Location: ".ROOT."index.php");
    } else {
        //No user found
        echo "Not user found with those details";
    }
}
?>

You are logged in as <?=$_SESSION['email']?>!

Your user ID is: <?=$_SESSION['user_id']?>.

You have <?=$_SESSION['perms']?> rights.
[/php]

This is my login script which creates the session variables

[php]
function login($email, $password, $mysqli) {
    //Use prepared statements to stop SQL injection
    if ($stmt = $mysqli->prepare("SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT 1")) {
        $stmt->bind_param('s', $email); //Bind "$email" to parameter
        $stmt->execute(); //Execute the query
        $stmt->store_result();
        $stmt->bind_result($user_id, $email, $db_password, $salt, $perms); //Get variables from result
        $stmt->fetch();
        $password = hash('sha512', $password.$salt); //Hash the password with the unique salt

        if ($stmt->num_rows == 1) { //If user exists
            //Check that user account isn't locked
            if (checkbrute($user_id, $mysqli) == true) {
                //Account is locked, alert user
                return false;
            } else {
                //Constant-time comparison of the stored and computed hashes
                if (hash_equals($db_password, $password)) {
                    //Matches, create session
                    $_SESSION['user_id'] = $user_id;
                    $_SESSION['email'] = $email;
                    $user_browser = $_SERVER['HTTP_USER_AGENT']; //Create hash with password and user agent
                    $_SESSION['login_string'] = hash('sha512', $password.$user_browser);
                    $_SESSION['perms'] = $perms;
                    return true;
                }
                //Password does not match
                return false;
            }
        } else {
            return false;
        }
    } else {
        //Error
        echo "Prepare failed: (".$mysqli->errno.") ".$mysqli->error;
        return false;
    }
}
[/php]
[php]

session_start();

function sec_session_start() {
    $session_name = 'ppa_session_id'; //Custom session name
    $secure = false; //Set to true if using https
    $httponly = true; //Stops JavaScript being able to access session id

    ini_set('session.use_only_cookies', 1); //Force sessions to only use cookies

    $cookieParams = session_get_cookie_params(); //Gets current cookie params
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    session_name($session_name); //Sets the session name to the custom one
    session_start(); //Start the session
    session_regenerate_id(true); //Regenerate the session, delete the old one
}
[/php]
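An added example, not part of any post in this thread: one way to build on the "active field" idea from #2 so that each user has only one live session. It stores a hash of a per-login token instead of a plain flag, so a new login replaces the old one rather than locking out a user who never logged out. The `users.active_token` column, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: table, column and function names are hypothetical, and an
// in-memory SQLite database stands in for the real users table.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, active_token TEXT)');
$pdo->exec("INSERT INTO users (id, email) VALUES (1, 'alice@example.test')"); // constructed row

// Call after the password check succeeds. Stores the hash of a fresh random
// token for the user; a token issued to an earlier login stops matching.
function claim_active_session(PDO $pdo, int $userId): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare('UPDATE users SET active_token = ? WHERE id = ?');
    $stmt->execute([hash('sha256', $token), $userId]);
    return $token; // keep this in $_SESSION
}

// Call on every request: true only for the most recent login of this user.
function is_active_session(PDO $pdo, int $userId, string $sessionToken): bool
{
    $stmt = $pdo->prepare('SELECT active_token FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, hash('sha256', $sessionToken));
}

// Call on logout so the field no longer marks any session as active.
function release_active_session(PDO $pdo, int $userId): void
{
    $pdo->prepare('UPDATE users SET active_token = NULL WHERE id = ?')->execute([$userId]);
}

// Two browsers logging in as the same user; each array stands in for that
// browser's $_SESSION.
$browserA = ['user_id' => 1, 'token' => claim_active_session($pdo, 1)];
var_dump(is_active_session($pdo, $browserA['user_id'], $browserA['token'])); // A just logged in
$browserB = ['user_id' => 1, 'token' => claim_active_session($pdo, 1)];
var_dump(is_active_session($pdo, $browserB['user_id'], $browserB['token'])); // B logged in after A
var_dump(is_active_session($pdo, $browserA['user_id'], $browserA['token'])); // A checked again
release_active_session($pdo, 1);
var_dump(is_active_session($pdo, $browserB['user_id'], $browserB['token'])); // B after logout
```

When the per-request check fails, destroy that session and send the browser back to the login page.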